US, Europe investigate Google’s bypass of Safari privacy settings

US and European officials are investigating Google's method of serving up …

The US Federal Trade Commission and European regulators have opened investigations into Google's recent circumvention of the default privacy settings in Apple's Safari browser.

Privacy advocates asked the FTC to investigate last month after it was discovered that Google was using special code that served up advertising cookies to Safari users despite privacy settings intended to block cookies. Google acknowledged the problem, but said it was an accident and that it would discontinue the practice. But the Wall Street Journal reported last night that the FTC is now investigating whether the Safari cookie use violated a legal settlement with the government, in which Google promised that it wouldn't misrepresent its privacy practices to consumers.

Google's Safari tracking is also being investigated by CNIL, a French data protection commission, which is conducting a broad investigation into Google's privacy practices on behalf of the European Union. CNIL has added the Safari privacy setting circumvention to its existing investigation, the Journal reported. European regulators recently said Google's new privacy policy—which allows for more data sharing across Google services—violates European law.

A Google spokesperson told the Journal that "We will of course cooperate with any officials who have questions… But it's important to remember that we didn't anticipate this would happen, and we have been removing these advertising cookies from Safari browsers."

I seem to remember though that when Apple started blocking third party cookies by default it was speculated this was to try to damage Google's ad revenues or something like that. I also recall reading that it stops some services working (not ad related) compared to all the other major browsers which is probably why the aforementioned came up with workarounds (still not good though!).

Also blocking cookies is a poor solution if you don't want to be tracked. You also need to at the very least block javascript otherwise stuff like Google Analytics will be unaffected (this tool is pretty useful for webmasters though to get statistics on page use!).

So the way I see this issue is: bad Google and others for working around Apple's (very weak) security measure of blocking cookies that may have been aimed at competitors rather than actually anything pro security. However, if Google promised not to do this kind of thing with the US and EU then they deserve everything they get (I just hope Facebook, etc. aren't ignored just because they didn't have agreements not to be naughty with the US, EU, etc.)

I know people like to rail on governments making too many regulations for businesses to function, etc.

But actions like these is businesses own fault for bringing on the coming regulations.

Many regulations have come about because of flagrant unethical behaviour by companies which has necessitated them. Companies have no morals and will do whatever they can get away with. Sadly this now seems to include lobbying to weaken regulations now that they realise they're stuck with them.

Since the whole enconomic crisis we now have can be directly tied to a weakening in banking regulations I don't think anyone but a libertarian (who by definition seem to be delusional) would be against at least some regulation. How many times do companies have to prove they can't be trusted before they are more strongly regulated?

I seem to remember though that when Apple started blocking third party cookies by default it was speculated this was to try to damage Google's ad revenues or something like that.

Someone went back and looked, and 3rd party cookies have been blocked on the iPhone since the first one came out and Apple and Google were still buddy-buddy. I think the same has been done in Safari. So while the result has been harmful to Google's revenue stream, it wasn't done in retaliation, and the whole "set default to block 3rd party cookies" fits in with Apple's mentality of "we know better than the customer and will make it better for them" anyway.

Apple is not exactly known for super security measures, I wouldn't be surprised if this turns out to be the result of "mah google shit dun werk right in mah safari" & apple says it must be yer code" followed by a quick search for why safari is only accepting some cookies that resulted in a "oh ok, whatever" stupid simple way of bypassing the "strange bug" talked about somewhere.

I seem to remember though that when Apple started blocking third party cookies by default it was speculated this was to try to damage Google's ad revenues or something like that.

Someone went back and looked, and 3rd party cookies have been blocked on the iPhone since the first one came out and Apple and Google were still buddy-buddy. I think the same has been done in Safari. So while the result has been harmful to Google's revenue stream, it wasn't done in retaliation, and the whole "set default to block 3rd party cookies" fits in with Apple's mentality of "we know better than the customer and will make it better for them" anyway.

Apple has been touting security features since the 2006 “I'm a Mac/I'm a WindowsXP crawling with viruses” spot. That ad was retired when Vista came out, but it still sticks in many people's craws how smug Apple was 10 years ago about safer browsing for n00bs. Versus XP, which, for all its many merits (it was MY favorite version of Windows), probably was the vector for MORE malware angst than all other OS versions combined.

Apparently, still in 2012. People still diss Apple for creating easy, obvious settings for “privacy” and also setting a non-Draconian default that preserves the ability to work with preferred sites. Fancy that, an approach that works well for both n00bs and experts! Not sure that this is Apple in control of your computing so much as putting the user first.

What I understood from previous Arsticles is that Google only left cookies if you were logged into Google's products. IE gmail, google.com etc. So in that case would you not have to change your google settings and not Sifarri settings?

What I understood from previous Arsticles is that Google only left cookies if you were logged into Google's products. IE gmail, google.com etc. So in that case would you not have to change your google settings and not Sifarri settings?

The way I understood it Google found the whole in the webkit code, told Apple and they didn't fix it. Perhaps the FTC should look at Apple for their utter disregard of user security and privacy.

What I understood from previous Arsticles is that Google only left cookies if you were logged into Google's products. IE gmail, google.com etc. So in that case would you not have to change your google settings and not Sifarri settings?

The way I understood it Google found the whole in the webkit code, told Apple and they didn't fix it. Perhaps the FTC should look at Apple for their utter disregard of user security and privacy.

You realize that's akin to someone telling your doors unlocked sees a few weeks later and just walks in while you're not home right?

Doesn't make the person leaving the door unlocked any less stupid, but doesn't mean they should get in trouble for it.

What I understood from previous Arsticles is that Google only left cookies if you were logged into Google's products. IE gmail, google.com etc. So in that case would you not have to change your google settings and not Sifarri settings?

The way I understood it Google found the whole in the webkit code, told Apple and they didn't fix it. Perhaps the FTC should look at Apple for their utter disregard of user security and privacy.

Oh, Google warned Apple that they were coding pages so as to work around the user's indicated Safari security settings, breaking users' expectations of privacy? They told Apple but they immediately reversed course when the Wall St Journal discovered and reported their unethical behavior? And they undertook this not-really-surreptitious action despite having an agreement with the FTC to uphold user privacy standards, enough of a violation of their commitments that the FTC has opened an investigation into this exploit? And somehow that's really Apple's fault?

Let's see a cite that Google notified Apple's customers, who were the real people affected by this. I certainly never got a notice that Google intended to override my personal security policy (not coincidentally, the way the phone shipped) of only accepting cookies from sites that I'd visited.

Sounds like utter BS on the face of it, worst kind of phony rationalization. Bring on the documentation for this claim, otherwise a retraction/apology for spreading propaganda from the (Un-?)Official Google Disinformation Dept.

Let the idiots investigate them all they want - the cookies involved according to them weren't used for tracking. Just like last year's apple debacle, a bunch of dumbasses in government need to show they are doing their job by showing us they know nothing about how the internet works.

What I understood from previous Arsticles is that Google only left cookies if you were logged into Google's products. IE gmail, google.com etc. So in that case would you not have to change your google settings and not Sifarri settings?

The way I understood it Google found the whole in the webkit code, told Apple and they didn't fix it. Perhaps the FTC should look at Apple for their utter disregard of user security and privacy.

You realize that's akin to someone telling your doors unlocked sees a few weeks later and just walks in while you're not home right?

Doesn't make the person leaving the door unlocked any less stupid, but doesn't mean they should get in trouble for it.

No it isn't. You can think of a better analogy where people submitted a feature request in webkit to relax third party authentication/cookies for those stupid twitter/google/facebook buttons to go through since you are on a third party website.